Access Control Fundamentals

13. Access Control Techniques

Rule-based access control uses specific rules that indicate what can and cannot happen between a subject and an object.
A subject should meet a set of predefined rules before it can access an object.
It is not necessarily identity based, i.e. it can be applicable to all the users or subjects irrespective of their identities.
E.g.: Routers and firewall use rules to filter incoming and outgoing packets